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DATA TRANSMISSION PROCESS AND SYSTEM 

Reference to Prior Application 

This application for patent claims the benefit of the 
filing date of U.S. Provisional Application for Patent Serial 

5 No. 60/335,174, titled "Live Streamer Distributed Internet 
Broadcast System" and filed on October 31, 2001. 

Field of the Invention 

The present invention relates, in general/ to data 
transmission in a network and, more specifically, to data 
10 broadcasting in a distributed network. 

Backgrounds o£ the Invention 

The advances in computing technology and network 
infrastructure hatfe provided opportunities for transmitting 
digital media of many forms with high speed. Business and 

15 consumers have become accustomed to receiving large amounts of 
information over the network. This information may be 
business oriented, e.g., market reports, product information, 
etc., or personal use or entertainment oriented, e.g., movies, 
digital video or audio programs. Information providers or 

20 content providers often need to transmit this information to 
many clients over the network simultaneously. 

Transmitting information to multiple clients over the 
network consumes the resources r e.g., bandwidth, of the 
content provider sites. As the amount of data transmission 

25 approaches the capacity of a content provider site, it will 
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refuse any additional client request. In addition, the epeed 
and overall quality of data transmission often deteriorate aa 
the requested data consume the bandwidth of the content 
provider, Thie problem is especially acute for digital video 
S or audio program broadcasting. 

In order to solve this problem, the content provider 
site may mirror its content to one or more server sites, which 
are also referred to as mirror sites. The mirror sites then 
transmit data to clients, thereby alleviating the load on the 
10 central content provider. However, establishing and 

maintaining mirror sites place economic burdens on the content 
providers . 

U.S, Patent No. 6,108,703, titled "Global Hosting 
System" and issued on August 22, 2000 , discloses a distributed 

15 hosting framework including a set of content servers for 

hosting at least some of the embedded objects of a web page 
that are normally hosted by the central content provider 
server. The distributed content servers are located closer to 
the clients than the content provider server and alleviate the 

20 load on the content provider server. However, like mirror 
siteB, the content servers are economically inefficient to 
establish and operate, 

U.S. Patent No. 5,884,031, titled "Method for 
Connecting Client Systems into a Broadcast Network' 7 and issued 

25 on March 16, 1999, discloses a process for connecting client 

systems into a private broadcast network. The private network 
has a pyramid structure, with the content provider server at 
the top and client servers coupled directly or indirectly 
through other client servers to the content provider server. 

30 The pyramid structure allows the content provider server to 
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transmit data to more clients than its server port. However, 
the pyramid structured private network according to the 
5, 844,031 patent is inefficient in making full use of the 
network capacity, e.g., bandwidth. 
5 U.S. Patent No. 6,24 9,310, titled "Method and System 

for Implementing and Internet Radio Device for Receiving 
and/or Transmitting Media Information" and issued on June 19, 
2001, discloses a chain casting system, in which the content 
provider server transmits the information only to a few 

10 clients, and then instructs these clients to retransmit the 
information to other clients. The 6,249,810 patent also 
discloses load balancing in the chain casting system. 
However, the 6,249,810 patent does not teach constructing and 
adjusting the chain casting system to efficiently utilize the 

15 network capacity and achieve high data transmission quality. 

in summary, these and other prior data transmission 
processes are deficient in economic efficiency and data 
transmission capabilities. They are also deficient in 
maintaining high data transmission qualities in the system, 

20 In addition, the prior art processes cannot establish a data 
transmission system, in which data is transmitted from one 
node behind a firewall to another node behind a different 
firewall . 

Accordingly, it would be advantageous to have a data 
25 transmission process and system for efficiently transmitting 
data to multiple clients over a network. It is desirable for 
the process to establish the data transmission system that is 
stable and capable of fully utilizing the capacity of the 
system. It is also desirable to dynamically adjust the data 
30 transmission system to maintain high quality data 
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transmission. It would be of further advantage for the data 
transmission system to efficiently utilize the capacities of 
the clients in transmitting data. In addition, it would be 
advantageous to have a process for establishing data 
5 transmission links between clients behind different firewalls, 
thereby enabling the client behind different firewalls to be 
coupled to the data transmission system and further increasing 
the flexibility and applications of the data transmission 
system. 

10 Brief Description of the Drawings 

Figure 1 is a schematic diagram illustrating a data 
transmission system in accordance with the present invention; 

Figure 2 is a block diagram illustrating a process for 
establishing a hierarchy data transmission system in 
15 accordance with the present invention; 

Figure 3 is a flow chart illustrating a routing process 
for establishing a hierarchy structured multicasting network 
system in accordance with the present invention; 

Figure 4 is a block diagram illustrating a process for 
20 maintaining data transmission quality in a data transmission 
system in accordance with the present invention; 

Figures 5A, 5B, and 5C are schematic diagrams 
illustrating a client reconnection process in accordance with 
the present invention; 
25 Figure 6 is a schematic diagram showing a broadcasting 

system in accordance with the present invention; 

Figure 7 is a block diagram illustrating a process for 
establishing a data transmission link between an internal node 
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behind a firewall and an external node in accordance with the 
present invention; 

Figures 8A, 8B, and 8C are block diagrams illustrating 
a process for establishing a data transmission link between 
5 two nodes behind two different firewalls in accordance with 
the present invention; and 

Figure 9 is a block diagram illustrating a process for 
identifying a firewall and its nature in accordance with the 
present invention . 

10 Detailed Description of Various Embodiments 

Various embodiments of the present invention are 
described hereinafter with reference to the figures. It 
should be noted that the figures are only intended to 
facilitate the description of specific embodiments of the 

15 invention. They are not intended as an exhaustive description 
of the invention or as a limitation on the scope of the 
invention. In addition, an aspect described in conjunction 
with a particular embodiment of the present invention is not 
necessarily limited to that embodiment and can be practiced in 

20 conjunction with any other embodiments of the invention. 

Figure 1 schematically illustrates a data transmission 
system 100 in accordance with the present invention. 
System 100 is for broadcasting data from a content delivery 
server or content provider 101 to multiple clients over a 

25 network, e.g., Internet, Local Area Network (LAN), Intranet, 
Ethernet, wireless communication network, etc. Data 
transmitted from content provider 101 to the multiple clients 
in system 100 can be digital video signals, digital audio 
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signals, graphic signals, cext signals, webFages, etc. 
Applications of system 100 include digital video or audio 
broadcasting, market data broadcasting, news broadcasting, 
business information broadcasting, entertainment or sport 
5 information broadcasting, organization announcements , etc. 

In accordance with an embodiment of the present 
invention, the multiple clients receiving data streams from 
content provider 101 are arranged in a hierarchy structure. 
By way of example, Fig. 1 shows the clients in system 100 

10 being arranged in a first tree 102 with a first tier 

client 112 as its root and a second tree 106 with a first tier 
client 116 as its root. 

Tree 102 includes second tier clients 122 and 124 as 
the children of first tier client 112. Second tier client 122 

15 has third tier clients 131 and 132 as its children. Second 
tier client 124 has third tier clients 133, 134, and 135 as 
its children. In tree 106, second tier clients 126 and 128 
are two children of first tier client 116. Second tier 
client 126 has two children, which are third tier clients 136 

20 and 13 7. Second tier client 128 has a third tier client 138 
as its child* 

System 100 also includes a client connection 
manager 105 that arranges the multiple clients into a 
hierarchy structure and establishes trees 102 and 106 shown in 

25 Fig. 1. When a new client requests data transmission, a 
network server 107 directs the requesting client to client 
connection manager 105 , which places the requesting client in 
the hierarchy structure for receiving data broadcasting from 
content provider 101. 
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Client connection manager 105 maintains a control 
signal connection with first tier client 112 in tree 102 and 
first tier client 116 in tree 106 , as indicated by dashed 
lines in Fig. 1. In accordance with one embodiment of the 
5 present invention, client connection manager 105 maintains 

control signal connection only with the first tier clients. A 
lower tier client, e.g., second tier client 122 or third tier 
client 134, etc., maintains a control signal connection with 
it8 parent. The data regarding the status of the lower tier 

10 clients and the tree structure are propagated from the lower 
tier clients to their respective parents in the tree. In 
accordance with another embodiment of the present invention, 
client connection manager 105 maintains control signal 
connections with clients at multiple tiers or layers. In one 

15 embodiment, client connection manager 105 maintains control 
signal connections to all clients that are not behind a 
firewall. In another embodiment, client connection 
manager 105 maintains control signal connections with first 
and second tier clients. In yet another embodiment, client 

20 connection manager 105 selectively maintains control signal 
connections with certain lower tier clients depending on 
client characters and the capacity of client connection 
manager 105, 

Maintaining control signal connections only between 
25 client connection manager 105 and the top tier clients reduces 
the load on client connection manager 105, thereby enabling 
client connection manager 105 to simultaneously construct and 
manage more tree structures in system 100 or more data 
transmission systems like system 100. On the other hand, 
30 maintaining control signal connections with clients in 
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multiple layers enables client connection manager 105 to 
efficiently control the hierarchy structure in system 100. It 
also enables client connection manager 105 to more efficiently 
locate a client in the hierarchy structure. 
5 In accordance with the present invention, content 

provider 101 does not transmit data directly to each of the 
multiple clients in system 100* Instead, content provider 101 
transmits data to first tier clients 112 and 116- First tier 
client 112 in tree 102 transmits or reflects the data to its 

10 children, which are second tier clients 122 and 124. Second 
tier client 122 relays the data to third tier clients 131 and 
132. Likewise, second tier client 124 transmits the data to 
its children, third tier clients 133, 134, and 135. First 
tier client 116 transmits or reflects the data to its 

15 descendents in tree 106 in a process similar to that described 
herein with reference to first tier client 112. 

By arranging clients in a hierarchy structure as shown 
in Fig. 1, system 100 utilizes the up-link data transmission 
capacities of some clients at higher tiers to transmit data to 

20 other clients at lower tiers. A client in system 100, e.g., 
first tier client 112, rebroadcasts or reflects the data to 
its descendents, e.g., second tier clients L22 and 124, and 
third tier clients 131, 132, 133, 134, and 135. Thus, each 
client is referred to as a peer of other clients, and 

25 system 100 is also referred to as a peer-to-peer data 

transmission system or a peer-to-peer broadcasting system. 
The data transmission from content provider 101 to a client at 
a low tier, e.g., third tier client 137, includes multiple 
steps of data reception and retransmission. Thus, system 100 

30 is also referred to as a multicasting system, or a cascade 
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broadcasting system. Through multicasting or cascade 
broadcasting, system 100 significantly reduces the load on 
content provider 101, thereby enabling content provider 101 to 
broadcast data to a greater number of clients. 
5 Client connection manager 105 may include a digital 

signal processing unit/ e.g., a microprocessor (jiP) , a central 
processing unit (CPU) , a digital signal processor (DSP) , a 
super computer, a cluster of computers, etc. By way of 
example, client connection manager 105 includes general 

10 purpose computers for performing the client connection process 
and managing the client connection in system 100. 

It should be understood that data transmission 
system 100 is not limited to having a structure described 
herein above and shown in Pig, 1. For example, system 100 is 

15 not limited to having two trees with each tree having a depth 
of three. Depending on the data transmission capacities, 
e.g., bandwidths, of content provider 101 and the clients 
receiving data therefrom, system 100 may include any number of 
trees connected to content provider 101, each tree may have 

20 any depth. In addition, system 100 is not limited to having 
only one content provider as shown in Fig, 1. In accordance 
with an embodiment of the present invention, client connection 
manager 105 is capable of directing a requesting client to 
different content providers based on the content requested by 

25 the client and/or available capacity of a particular content 
provider. Furthermore, client connection manager 105 is not 
limited to receiving client requests for connection through a 
Bingle network server 107, as shown in Fig. 1. A client can 
request connection through any number of network servers in 
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any network, to which client connection manager 105 ie 
coupled. 

It should also be understood that system 100 could be 
implemented using existing network infrastructures. For 
5 example, a node in a tree, e.g., the root of tree 102 or the 
root of tree 106 shown in Fig. 1, can be a content delivery 
network (CDN) edge server. A CDN edge server typically has a 
larger data transmission capacity than a client, e.g., first 
tier client 112 in tree 102, requesting data from content 

10 provider 101. Therefore, placing a CDN edge server at a node 
in the hierarchy structure of data transmission system 100 
allows a greater number of clients to be coupled to that node 
and receive greater data transmission therefrom. 

Figure 2 is a block diagram illustrating a process 2 00 

15 for establishing a hierarchy data transmission system in 
accordance with the present invention. By way of example, 
Fig. 2 illustrates process 200 for connecting client 132 to 
system 100 shown in Fig. 1. However, this is not intended as 
a limitation on the present invention. Process 2 00 is 

20 applicable in connecting any client to a hierarchy structure 
for receiving data transmission in accordance with the present 
invention. 

When a client, e.g., client 132, requests to receive 
data from a broadcasting source, it first accesses network 

25 server 107. Client 132 may request to receive data from the 
broadcasting source by clicking a web icon of the broadcasting 
source on network server 107* Network server 107 then assigns 
a digital signature of client connection manager 105 to 
requesting client 132 and directs it to client connection 

30 manager 105. By way of example, network server 107 directs 
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requesting client 132 to client connection manager 105 by 
sending the Uniform Resource Locator (URL) of client 
connection manager 105 to client 132. Client connection 
manager 105 verifies the digital signature on requesting 
5 client 132 in a step 201. If the signature is invalid, client 
connection manager 105 refuses connection and terminates 
process 200 in as step 202. 

In response to requesting client 132 having a valid 
digital signature of client connection manager 105, client 

10 connection manager 105 , in a step 204, spawns a local 
connection management program to requesting client 132. 
Subsequently in a step 206, client connection manager 105 
directs requesting client 132 to the root of a tree, e.g., 
tree 102 shown in Fig. 1, connected to a content provider, 

15 e.g., content provider 101 shown in Fig. 1, that broadcasts 
the data requested by client 132. If there is no tree 
established for receiving the data transmission from content 
provider 101, client connection manager 105 designates 
requesting client 132 as a root for a new tree. In a 

20 step 208, the local connection management program on the root 
node in tree 102 routes client 132 to a spot in tree 102 based 
on data transmission capacities, e.g., bandwidths, that can be 
allocated to client 132. After being connected in tree 102 , 
client 132 receives data transmission from its parent,, second 

25 tier client 122. In accordance with one embodiment, 

client 132 also establishes a control signal connection with 
its parent, client 122. In accordance with another embodiment 
referred to as multiple layer control connection, client 
establishes a control signal connection with client connection 

30 manager 105. 
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Figure 3 is a flow chart illustrating a routing 
process 300 for establishing a hierarchy structured 
multicasting network system, e.g., system 100 shown in Fig. 1, 
in accordance with the present invention. By way of example , 
5 routing process 300 may serve as routing step 208 in 
process 200 shown in Fig. 2, for establishing data 
transmission system 100 shown in Fig. 1. Routing process 300 
is a recursive process of routing a client that requests for 
connection to a port of a node in system 100 depending on the 

10 available data transmission capacities in system 100. By 
routing the requesting client to a node with sufficient 
capacity available, process 300 establishes system 100 that is 
both stable and efficient in utilizing the data transmission 
capacities of the network. For the purpose of describing 

15 routing process 300, a node where routing process 300 is 
currently running is referred to as a current node. 

Process 300 starts with a step 302 of accepting a 
client request for connection at a node in a data transmission 
system, e.g., data transmission system 100 shown in Fig. 1. 

20 In a step 311, process 300 checks whether the requesting 

client is under redirect. A requesting client under redirect 
means that the client has gone through at least one failed 
attempt in connection to a node in the system. 

If the request client is not under redirect, 

25 process 3 00, in a step 313, examines a node distribution of a 
subtree with the current node as its root, i.e., a Bubtree 
below the current node. If the request client is under 
redirect, process 300, in a step 315, checks if the current 
node is a head server, e.g., client connection manager 105 in 

30 system 100 shown in Fig. 1. If the current node is not the 
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head server, process 3 00 proceeds to step 313 of examining the 
subtree structure below the current node. 

in accordance with one embodiment of the present 
invention, step 313 of examining or evaluating the node 
5 distribution in the subtree structure below the current node 
includes evaluating a node distribution parameter. In a 
specific embodiment, the node distribution parameter is 
defined as a ratio of the total number of descendents over the 
number of children of the current node. A large ratio 

10 indicates the subtree below the current node being bottom 

heavy in the sense that it has a large number of descendents 
that are at least two tiers below the current node. On the 
other hand, a small ratio indicates the subtree below the 
current node being top heavy in the sense that it has few 

15 descendents that are at least two tiers below the current 
node. Step 313 of evaluating the subtree structure helps 
process 300 in forming a balanced and stable tree structure 
for data transmission. 

In response to a bottom heavy subtree below the current 

20 node, e.g., a node distribution ratio exceeding a range or 

greater than a predetermined standard value of 5, process 300 
proceeds to a step 314. On the other hand, if the subtree 
below the current node is top heavy, e.g., a node distribution 
ratio within the range or not exceeding the predetermined 

25 standard value of 5 r process 300, in a step 317, evaluates the 
up-link characters of the requesting client. If the 
requesting client has superior or exceptionally good up-link 
characters, e.g., large capacity, reliable transmission, etc., 
process 300 proceeds to step 314. The standards for superior 

30 up-link characters can be predetermined in accordance with 
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types of data to be transmitted in the system. Step 317 seeks 
to locate clients with superior up- link characters in higher 
tiers in a hierarchy tree structure, thereby utilizing its 
superior up- link characters in relaying data to lower tier 
5 nodes in the tree structure. It is one of various steps in 
process 300 for optimizing the tree structure in the data 
transmission system. 

It should be noted that the range or standard value for 
determining whether a tree structure is top heavy or bottom 

10 heavy could have different values for different nodes in the 
data transmission system. For example, when a node is at a 
relatively high tier, i.e., relatively close to content 
provider 101 in system 100 shown in Fig. 1, the standard value 
or the range may be relatively large, e.g., 20. On the other 

15 hand, for a node at a relatively low tier, i.e., relatively 
far away from content provider 101 in system 100 shown in 
Fig 4 1, the standard value or the range may be relatively 
small , e .g . , 4 . 

If the current node is the head server (step 315) , 

20 process 300, in a step 319, checks if there is any first tier 
node, e.g., client 112 or 116 in system 100 shown in Fig. 1, 
behind the same firewall as the requesting client. Jf such a 
node exiBts and is located, process 300 proceeds to step 314. 

In step 314, process 300 connects the requesting client 

25 as a child of the current node if the current node has 

capacity for the requesting client. If the requesting client 
is behind a firewall, step 314 will try to connect the 
requesting client as a child of a node in the subtree below 
the current node that is behind the same firewall as the 

30 requesting client. If there is no node in the subtree behind 
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the same firewall as the requesting client, step 314 connects 
the requesting client to the current node and updates a 
firewall list to include the firewall address of the 
requesting client. In accordance with one embodiment, 
5 step 314 updates a memory on the current node to include a 
network firewall address of the requesting client. In 
accordance with another embodiment , step 314 updates a memory 
on the head server, e.g., client connection manager 105 shown 
in Fig. 1, to include a network firewall address of the 

10 requesting client. 

In response to no node available in the subtree that 
can accommodate the requesting client (step 314) , the 
requesting client not having a superior up-link (step 317> f or 
no first tier nodes behind the same firewall as the requesting 

15 client (step 319), process 300 proceeds to a step 322. In 

step 322, process 300 filters out blacklisted nodes or marked 
nodes, thereby avoiding connecting the requesting client to 
the blacklisted nodes. As described herein after with 
reference to Fig. 4, a client in a data transmission system 

20 may seek relocation in the data transmission system. In order 
to avoid being directed to the same spot, the client 
blacklists its parent node or identifies its parent node as a 
marked node before seeking the relocation. Step 322 of 
blacklist filtering ensures that the client is not routed to 

25 the same spot, from which it seeks to be relocated. in one 
embodiment, step 322 of blacklist filtering assigns a zero 
score or preference factor to the blacklisted nodes. 

In a step 324, process 300 evaluates the redirect 
status of the requesting client. Specifically, process 300 

30 checks how many times the requesting client has been 
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redirected, a large redirect count indicates that the 
requesting client has been directed to many spots in the data 
transmission system without successfully connecting to a node 
in the system. In a step 323, the redirect count is compared 
5 with a first predetermined threshold value. This threshold 
value is sometimes also referred to as a hard limit. In 
accordance with the present invention, the hard limit can be 
any positive integer, e.g., 5, 8, 15, etc. The hard limit can 
also be infinity, in which case, the redirect count is always 

10 below the hard limit. Accordingly, process 300 actually does 
not have a hard limit for the redirect status. 

In response to the number of redirects, e.g., the 
redirect count exceeding the hard limit, process 300 
terminates the routing effort and, in a step 32 6, connects the 

15 requesting client directly to content provider 101 and 
establishes a control signal connection between client 
connection manager 105 and the requesting client. If content 
provider 101 does not have capacity for the requesting client, 
process 300 refuses the connection request of the requesting 

20 client. 

In response to the number of redirects not exceeding 
the hard limit, process 3 00, in a step 325, compares the 
redirect count with a second predetermined threshold value. 
This threshold value is sometimes also referred to ae a soft 
25 limit. In accordance with an embodiment of the present 

invention, the soft limit can be any positive integer, e.g., 
5, 10, 20, etc., less than the hard limit. If the soft limit 
is equal to or greater than the hard limit, step 32 S of soft 
limit verification has no effect on the routing of the 
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requesting client and process 300 has only the hard limit for 
the redirect count . 

In response to the redirect count exceeding the soft 
limit, process 3 00, in a step 327, checks whether the current 
5 node has capacity for the requesting client. If the current 
node has capacity for the requesting client, process 300, in a 
step 328, connectB the requesting client to the current node. 

In response to the redirect count not exceeding the 
soft limit (step 325) or the current node not having capacity 

10 for the requesting client (step 327), process 300, in a 

step 332, activates a firewall filter- The firewall filter 
assigns scores or preference factors to the current node 
depending on the firewall compatibility between the requesting 
client and the current node. It assigns higher scores to a 

15 node with compatible firewall characters with the requesting 
client, thereby directing the requesting client to a node with 
compatible firewall characters and avoiding connecting the 
requesting client to a node with incompatible firewall 
characters. In a step 333, process 300 checks if the 

20 requesting client is behind a firewall. 

If the requesting client is not behind a firewall, 
process 300 proceeds to a step 334. Step 334 assigns a high 
score, e.g., 0.8, to the current node in response to the 
current node not behind a firewall either and assigns a low 

25 score, e.g., 0.2, to the current node in response to the 
current node behind a firewall. 

On the other hand, if the requesting client is behind a 
firewall, process 300, in a step 336, assigns different scores 
to the current node depending on its firewall characters. In 

30 accordance with an embodiment of the present invention, a high 
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score, e.g., 1, is assigned to the current node if it is 
behind the same firewall as the requesting node; a medium high 
score, e.g., 0.6, is assigned to the current node if it is not 
behind any firewall; a medium low score, e.g., 0.4, is 
5 assigned to the current node if it is behind a different 

firewall from that of the requesting client, but viable data 
transmission can be established between the requesting client 
and the current node through the firewallB; and a low score, 
e.g., 0, is assigned to the current node if it is behind a 

10 different firewall from that of the requesting client and no 
viable data transmission can be established between the 
requesting client and the current node through the firewalls. 

In accordance with an embodiment of the present 
invention, process 300 includes a capacity filtering step 342 

15 for assigning scores to the current depending on its available 
capacity. In a step 343, process 300 first checkB if the 
requesting client is behind a firewall. In one embodiment of 
the present invention, if the requesting client is not behind 
a firewall, the current node is assigned a score equal to its 

20 available capacity in a step 344. If the requesting client is 
behind a firewall, a step 346 assigns to the current node a 
score equal to its available capacity in response to the 
current node behind the same firewall as the requesting 
client. Otherwise, step 346 assigns to the current node a 

25 score equal to its available capacity multiplied by a factor 
smaller than one, e.g., 0.6. The capacity filter gives high 
preferences to nodes with high capacities and with compatible 
firewall characters with the requesting client. 

In accordance with an embodiment of the present 

30 invention, process 300 also includes an Autonomous System 
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Number (ASN) filtering step 352. In a Btep 353, process 300 
checks if the current node has the same ASN as the requesting 
client. If the current node has the same ASN number as the 
requesting client, process 300, in a step 354, assigns a high 
5 score, e.g., 0.9, to the current node, otherwise, in a 

step 356, process 300 assigns a low score, e.g., 0.4, to the 
current node. By assigning high scores to the nodes having 
the same ASN as the requesting client, process 300 directs the 
requesting client to the nodes that are in the same Autonomous 

10 System as the requesting client. Connecting the requesting 
client to a node in the same Autonomous System is beneficial 
in improving the efficiency and reliability data transmission 
between the node and the requesting client. 

in accordance with an embodiment of the present 

15 invention, process 300 further includes a subnet filtering 
step 362. In a step 364, process 300 assigns scores to the 
current node depending on the subnet relation between the 
requesting client and the current node. A high score, e.g., 
1, is assigned to current node if it has a network address 

20 with all four quartets matching that of the requesting client. 
In response to a decreasing number of matching quartets in the 
network addressee, a lower score is assigned to the current 
node. By assigning high scores to the nodes having the 
matching network addresses as the requesting client, 

25 process 3 00 directs the requesting client to the nodes that 
are in the same subnet as the requesting client. Connecting 
the requesting client to a node in the same subnet is 
beneficial in improving the efficiency and reliability of data 
transmission between the node and the requesting client. 
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Furthermore, in accordance with an embodiment of the 
present invention, process 300 includea a time filtering 
step 372, Time filtering step 372 keeps track of when and how 
frequently a node in the data transmission system is visited 
5 by clients seeking for connection to the node. In a step 374, 
process 300 assigns to the current node a score based on the 
time and frequency of visits to the node by clients. In a 
preferred embodiment, step 374 assigns a high score, e.g., 1, 
to the current node in response to the current node not being 

10 visited by a client for a predetermined time period, e.g., 

3 minutes, and assigns a low score, e.g., 0.2, to the current 
node in response to the current node being visited within 
another predetermined period, e.g., 30 seconds. Other scores 
may be assigned to the current node depending on its history 

15 of visits by clients in accordance with various embodiments of 
the present invention. 

Time filtering step 372 prevents a node in the 
hierarchy data transmission system from being over visited. 
This is beneficial in keeping the hierarchy tree structures 

20 balanced and stable. This is also beneficial in spread the 
data transmission loads throughout the system and making 
efficient use of the data transmission capabilities in the 
system. 

In addition, in accordance with an embodiment of the 
25 present invention, process 3 00 includes a time zone filtering 
step 382. Specifically in a step 384, process 300 assigns 
scores to the current node depending on the time zone relation 
between the requesting client and the current node. A high 
score, e.g., 1, is assigned to the current node if it is in 
30 the same time zone as the requesting client. Lower scores are 
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assigned to the current node in response to larger time zone 
offsets between the current node and the requesting client. 
By assigning high scores to the nodes with small time zone 
offsets from the requesting client, process 300 directs the 
5 requesting client to the nodes that are geographically close 
to the requesting client. Connecting the requesting client to 
a geographically close node is beneficial in improving the 
efficiency and reliability data transmission between the node 
and the requesting client. 

10 In a step 391, process 300 checks if there are nodes in 

the subtree below the current node that remain viable after 
various filtering steps. In accordance with one embodiment, a 
viable node is a node that is not marked or blacklisted and 
has a score equal to or greater than a predetermined minimum 

15 value. In accordance with another embodiment, a viable node 
is any node that has a non-zero score. If there are viable 
nodeB, process 300, in a step 392, picks a set of viable nodes 
with high scores, e.g., 10 nodes with the highest scores, and 
increases the redirect count of the requesting client by 1. 

20 Process 3 00 then proceeds to step 302 and starts another 

iteration of the recursive routing process with one of the 
viable nodes picked in step 392 as the current node. If there 
is no viable node left, process 300, in a step 394, connects 
the requesting client as a child of the current node if the 

25 current node has capacity for the requesting client. If the 
current node has no capacity for the requesting client, 
step 394 increases the redirect count of the requesting client 
and redirects the requesting client to the head server for 
another attempt to be connected Into the data transmission 

30 system. 
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Routing process 300 establishes a hierarchy structured 
multicasting or cascade broadcasting system for clients 
receiving data transmissions. By using the up-link capacities 
of the nodes in the hierarchy structure, the multicasting 
5 system distributes the data transmission load over the entire 
system. It significantly reduces the load on the content 
provider, thereby allowing more clients to receive the data 
without overloading the content provider. 

In accordance wich an embodiment o£ the present 

10 invention, process 300 recursively searches for a node for 

connecting the requesting client. When the current node is a 
root node of a bottom heavy subtree structure, process 3 00 
gives preference to connecting the requesting client as a 
child of the current node. When the current node is a root 

15 node ot a top heavy subtree, proceBB 3 00 give preference to 
connecting the current node to a descendent of the current 
node. In other words , process 3 00 seeks to construct a 
balanced hierarchy tree structure- Therefore, process 300 
establishes a hierarchy tree structure that is both efficient 

20 in utilizing the network data transmission capacity and 
resource and stable. 

Process 300 also gives preference to placing a 
requesting client that is behind a firewall below a node 
behind the same firewall. If there is no node in the tree 

25 behind the same firewall as the requesting client, process 300 
updates its cache of the firewall address list to include the 
firewall address of the requesting client and connects the 
requesting client to the tree. When a next client requesting 
for connection is behind the same firewall, process 300 

30 connects it to a node below the requesting client. By 



-22- 
PAGE 2N81 * RCVD AT 4Qia005 8:36:17 PM [Eastern Daylight rme] ft SVR:USPT0EFXRF-1/1 * DNI8:8729306 11 CSiD:1 815 572 8299 ' DURATION (mm-ss):27-04 



Ro: SN 10/709,391 From: John A. Smart 1 615 572 8299 Dale: 04/21/2005 Tim©: 6:37:16 PM Page 27 of 81 

WO 03/039053 PCT/US02/33285 

grouping clients behind the same firewall together, 

process 300 maintains the integrity of the firewall and makes 

efficient use of the network data transmission capacity. 

Through various filtering steps, process 300 assigns 
5 high scores to the nodes that can transmit data to the 

requesting client with high efficiency or reliability. For 
example, high scores are assigned to the nodes with high data 
transmission capacity for the requesting client, the nodes 
with the same ASN as the requesting client, the nodes in the 

10 same Bubnet as the requesting client, the nodes geographically 
close to the clients / etc. These filtering steps are 
beneficial in improving the data transmission efficiency and 
reliability of the system. 

It should be understood that routing process 30 0 in 

15 accordance with the present invention is not limited to that 
described herein above with reference to Fig. 3, Various 
modifications can be made to the described procesB without 
departing from the spirit of the present invention. For 
example, time zone filtering can be replaced with a geographic 

20 location filtering based on global positioning system (GPS) 

data. Time zone filtering is also optional in accordance with 
the present invention. If process 300 is used to construct 
data transmission system covering clients in a relatively 
small geographic region, the benefit of time zone filtering 

25 becomes relatively minor. Likewise, if all clients are in the 
same Autonomous System or in the aame subnet, the ASN 
filtering or subnet filtering step can be deleted from 
process 300 without adversely affecting the efficiency and 
reliability of the data transmission system. 
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After the requesting client is connected to a port of a 
node in a tree, it becomes a child of the node. For example, 
when third tier client 132 is connected to a port of second 
tier client 122, as shown in Pig. l, it becomes a node in 
S tree 102 and a child of second tier client 122. A client in a 
tree, e.g., third tier client 132 in tree 102, has a list of 
node addresses, which may be a list of URLs, that includes the 
addresses of client connection manager 105, its parent, e.g., 
second tier client 122, and its siblings. As a client, e.g., 

10 third tier client 132, receives data streams from its parent, 
e.g., second tier client 122 f it monitors the quality of data 
stream. If the quality of data stream from its parent falls 
below a predetermined standard, the client seeks to reconnect 
itself to another node in the hierarchy structure, e.g., in 

15 tree 102 or tree 106, as shown in Fig. 1. 

Figure 4 is a block diagram illustrating a process 400 
for maintaining data transmission quality in a data 
transmission system, e.g., data transmission system 100 shown 
in Fig. 1, in accordance with the present invention. In data 

20 transmission system 100, client 132 receives data stream from 
its parent client 122. In a step 402, client 132 processes 
the data stream. Processing the data stream may include 
displaying the data, storing the data, merging the data with 
other data, encoding the data, decoding the data, decoding the 

25 data to play a video or audio program, etc. 

In a step 403, client 132 examines the quality of the 
data stream received from parent client 122. In other words, 
client 132 examines the Quality of Service (QoS) from parent 
client 122. By way of example, data packet loss is a commonly 

30 used measurement of the data stream quality. Also by way of 
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example, jitter is another measurement of the data stream 
quality. The jitter measures the difference between the 
expected timestamp and the actual timestamp on a data packet. 
In a network adopting Transmission Control Protocol (TCP) , 
5 complete delivery of data packets is guaranteed through 
resends, and data packet loss is always zero. In some 
applications, the timeliness of the data packets is more 
important than the completeness of the data packets. For 
example, a video program stream on client 132 can continue 

10 with minor visual glitches or imperfections if the majority of 
the data packets arrives in a timely fashion with some minor 
data loss, but will stop dead if client 132 waits for a series 
of sends and resends of the data packets. In these 
applications, jitter is a more appropriate measurement of data 

15 stream quality than data packet loss. 

If the quality of the data stream meets a predetermined 
standard or is otherwise satisfactory, client 132, in a 
step 404, sends a signal through a control signal connection 
back to its parent client 122 indicating the satisfactory 

20 quality of the data stream. Optionally, client 132 further 
informs the local connection management program that 
client 132 is in good connection condition with its parent. 
Client 132 continues to receive data streams from its parent 
and is ready to accept new clients as its children if it has 

25 sufficient capacity. 

If the quality of the data stream or QoS does not meet 
the predetermined standard or is otherwise unsatisfactory, 
client 132, in a step 406, identifies its parent client 122 as 
a marked node or blacklists its parent client 122. Client 132 

30 further informs the local connection management program about 
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the poor connection condition with ite parent. In a step 4 08, 
the local connection management program on client 132 seeks to 
reconnect client 132 to another node in the hierarchy 
structure in system 100 shown in Fig. l- 
5 In accordance with an embodiment of the present 

invention, client 132 first seeks to be connected to one of 
its siblings, e.g., client 131 in tree 102 shown in Pig. l. 
Redirecting client 132 to one of its siblings haB a small 
impact on the overall hierarchy structure in system 100 shown 

10 in Fig* 1. It is also efficient because a routing process, 
e.g., routing process 300 described herein above with 
reference to Fig. 3, needs to iterate fewer times compared 
with redirecting client 132 to another node far away from its 
current node. Furthermore, client 132 and ite siblings are 

15 probably behind the same firewall, in the same Autonomous 
System, in the same subnet, in the same time zone, etc. 
Therefore, seeking to redirect a client to its Siblings is 
beneficial in keeping a data transmission network balanced 
without increasing the traffic on the entire network. It is 

20 also beneficial in producing necessary network restructuring 
without unnecessary network chattering. It is further 
beneficial in maintaining the integrity of the firewalls in 
the network. 

If client 132 has no sibling or its siblings have no 
25 capacity to be allocated to it, client 132 requests 

reconnection to client connection manager 105 in system 100 
shown in Fig. l. client connection manager 105 executes a 
routing process, e.g., routing process 300 described herein 
above with reference to respective Fig. 3, to connect 
30 client 132 to a new node in data transmission system 100 shown 
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in Fig. 1. In accordance with the present invention, the 
routing process does not route client 132 to the marked node, 
i.e., the blacklisted parent of client 132, before client 132 
seeks reconnect ion. 



for illustrating a client reconnection process in accordance 
with the present invention. Tree 500 has client connection 
manager 105 as its root server or head server. A client 502 
is coupled to client connection manager 105. A block 501 

10 between client connection manager 105 and client 502 

represents unspecified hierarchy structures between client 
connection manager 105 and client 502. Block 501 may include 
any number of clients arranged in any kind of hierarchy 
structures; and client 502 is a child of a node in a hierarchy 

15 structure in block 501. On the other hand, block 501 may be 
empty or not include any node that is a parent of client 502. 
In either of these situations, client 502 is directly 
connected to client connection manager 105. It should be 
noted that client connection manager 105 transmits controls 

20 signals to the nodes in tree 500. A data stream source (not 
shown in Figs. 5A-5C) broadcasts data streams to the nodes in 
tree 500. By way of example, content provider 101 in 
system 100 Bhown in Fig. l can serve as a data stream source 
for data transmission in tree 500. 

25 As shown in Fig. 5A, client 5 02 is the root of a 

portion or a branch 510 of tree 500. Branch 510 includes 
clients 504 and 506 as the children of client 502. Client 506 
has two children, which are clients SOS and 512. Branch 510 
further includes a client 514, which is a child of client 512. 

30 Each client has a list of node addresses, which includes the 



5 



Figures 5A, 5B, and 5C schematically show a tree 500 
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addressee of client connection manager 105, the client's 
parent, and the client's siblings. 

During a broadcasting or data transmission process, 
clients 504 and 506 receive data streams from client 502. 
5 Client 506 retransmits , relays, or reflects the data streams 
to clients 508 and 512. Client 512 relays the data streams to 
client 514. As described herein above with reference to 
Fig. 4, each client examines the quality of data stream or QoS 
from its parent. By way of example, client 506 experiences a 

10 poor QoS. As described herein above with reference to Fig. 4, 
client 506 identifies its parent client 502 as a marked node 
or blacklists its parent client 502/ and seeks to be 
redirected to another node in tree 500. 

Client 506 first seeks to be connected to one of its 

15 siblings. As shown in Fig. 5A, client 506 has a sibling 

client 504. in response to client 504 having capacity to be 
allocated to it, client 506 is reconnected to tree 500 as a 
child of client 504, as shown in Fig. 5B. Client 506 now 
receives data streams from client 504 and reflects the data 

20 streams to clients 50fl and 512, which in turn relays the data 
streams to its child client 514. 

In accordance with an embodiment of the present 
invention, client 506 identifies the unbalanced structure in 
branch 510 as shown in Fig. 5B. In order to balance the tree 

25 structure, client 506 instructs client 512 to be disconnected 
from client 506 and redirects client 512 to client 504. 
Client 512 is reconnected to branch 510 as a child of 
client 504 and a sibling of client 506, as shown in Fig. 5C. 
Branch 510 of tree 500 is balanced. 
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If client 504 does not have capacity to be allocated 
for client 506, client 506 generates a reconnection request. 
In response to the reconnection request, client connection 
manager 105 searches a spot in tree 500 for client 506 through 
5 a routing process, e.g., routing process 300 described herein 
above with reference to Fig. 3. Because the parent of 
client 506 # client 502, is marked or blacklisted, the routing 
process does not relocate client 506 to be a child of its 
former parent , client 502. 

10 It should be understood that first trying to be 

connected to its sibling when a client seeking for 
reconnection, as described herein above with reference to 
Pigs. 4 and 5A-5C, is optional in accordance with the present 
invention- in accordance with an alternative embodiment of 

15 the present, a client seeking for reconnection generates a 
reconnection request to the head server, e.g., client 
connection manager 105 without first trying to be connected as 
a child of its sibling. In accordance with another 
alternative embodiment of the present invention, seeking to be 

20 connected to its sibling before generating a reconnection 
request to the head server iB applicable when the client 
seeking reconnection and its parent are behind the same 
firewall. For a client not behind the same firewall as its 
parent, a request for reconnection is generated and propagated 

25 to the head server in response to the client seeking 

reconnect. This approach is beneficial in grouping the 
clients behind the same firewall together, thereby improving 
the data transmission efficiency and maintaining the firewall 
integrity. 
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Figure 6 is a schematic diagram illustrating a network 
broadcasting system 600 in accordance with an embodiment of 
the present invention. System 600 has client connection 
manager 105 as its head server and data stream source 101 for 
5 broadcasting data to the nodes in system 600, A client 612 is 
coupled to client connection manager 105. A block 605 between 
client connection manager 105 and client 612 represents 
unspecified control signal connections between client 
connection manager 105 and client 612. Block 605 also 

10 represents unspecified data transmission paths between data 
stream source 101 and client 612. Block 605 may include any 
number of clients arranged in any kinds of hierarchy 
structures. Client 612 is a child of a node in a hierarchy 
structure in block 605. On the other hand, block 605 may be 

15 empty or not include any node that is a parent of client 612. 
In either of these situations, client 612 is directly 
connected to client connection manager 105 for control signals 
and directly connected to data stream source 101 for data 
streams. Client 612 has a client 622 as its child. A 

20 client 624 is a child of client 622. As shown in Pig. 6, 

client 612 is behind a firewall 610 , and clients 622 and 624 
are behind a firewall 620, which is a different firewall from 
firewall 610. 

Coupling client 612 to client connection manager 105 
25 and data stream source 101 requires data transmission from an 
external site, e.g., a node in block 605, client connection 
manager 105, or data stream source 101, to an internal site 
behind firewall 610. In addition, connecting client 622 as a 
child of client 612 in system 600 requires data transmission 
30 between a site behind one firewall, i.e., client 612 behind 
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firewall 610, and another Bite behind a different firewall, 
i.e., client 622 behind firewall 620. 

A firewall functions to filter incoming data packets 
before relaying them to a client behind the firewall, 
5 Typically, a firewall is deployed so that an internal site 
behind the firewall can access an external site outside the 
firewall, but the external aite cannot form connections to the 
internal site. The functionality of a firewall can be 
performed by a Network Address Translator (NAT) , which is a 

10 gateway device that allows many users to share one network 

address. A NAT prevents data packets from an external source 
from reaching a client behind or inside the firewall, unless 
the data packets are part of a connection initiated by the 
client behind or inside the firewall. 

15 A firewall or a NAT keeps track of which internal 

machines have initiated signal transmissions or conversations 
with which external sites in a masquerading table. The 
firewall relays the data packets arriving from an external 
site that are recognized as a part of an existing conversation 

20 with an internal site to the internal site that initiated the 
conversation. The firewall blocks and discards all other data 
packets. Therefore, the firewall prevents an external site 
from initiating conversation with an internal site. 

There are generally three kinds of firewalls or NAT 

25 gateways. A strict firewall blocks an incoming data packet 
addressed to a firewall port unless both the source site 
address and the source port match the entries in the 
masquerading table. A semi -promiscuous firewall, which is 
non- strict, permits an incoming data packet addressed to a 

30 firewall port if the source site address matches that entry in 
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the masquerading table and relays the data packet to the 
internal site that opened the firewall port. A promiscuous 
firewall, which is also non- strict, permits am incoming data 
packet addressed to a firewall port and relays the data packet 
5 to the internal site that opened the firewall port, 

Figure 7 is a flow chart illustrating a process 700 for 
establishing a data transmission link or connection between an 
internal site inside a firewall with an external site in 
accordance with the present invention. By way of example, the 

10 internal site behind the firewall may be client 612 behind 
firewall 610 in system 600 shown in Fig. 6. Also by way of 
example, the external site may be a parent node of client 612 
in block 605, data stream source 101, or client connection 
manager 105 in system 600, as shown in Pig. 6. 

15 The firewall permits an internal site to initiate a 

connection request to an external site, but prevents the 
external site from initiating a connection request to an 
internal site. Process 700 enables an external site to 
initiate a connection request to an internal site with the 

20 help of an intermediate site outside the firewall, which is 
also referred to as a firewall connection broker or simply a 
broker. In an initialization step 702, the internal site 
sends from behind a gateway an outgoing signal to the broker. 
In a step 703, process 700 verifies whether the internal site 

25 is behind a firewall, i.e., whether the gateway is really a 
firewall, and the nature of the firewall. If the internal 
site is not behind a firewall, data transmission between the 
site and any other external site can be accomplished directly. 
Process 700, therefore, proceeds to a finishing step 704* 



-32- 



PAGE 36/81 1 RCVD AT 4/2112005 8:36:17 PM [Eastern Daylight Time] 1 SVR;USPT0€FXRF-1/1 * DNIS:8729306 1 CSID:1 815 572 8299 * DURATION (mm-ss):27-04 



Ra: SN 10/709,391 From: John A. Smart 1 815 572 6299 



Data: 04/21/2005 Ttma: 5:37:16 PM 



Paga 37 of 81 



WO 03/039053 PCT/US02/35285 

In response the internal site, e.g., client 612, behind 
a firewall. Client 612 maintains an open port connection on 
firewall 610 with the broker in a step 712. When an external 
site seeks connection with client 612, it sends a connection 
5' request to the broker in a step 722. In a step 724, the 
broker instructs the external site to keep a listening port 
open. In a step 716, the broker transmits a signal through 
the open port connection on firewall 610 with the broker to 
client 612 and instructs client 612 to send an outgoing data 

10 packet to the listening port of the external client. The 
outgoing data packet opens a port of firewall 610 and 
generates an entry of the listening port of the external site 
on the masquerading table on firewall 610. In a step 726, the 
external site sends an incoming data packet from its listening 

15 port addressed to the open port on firewall 610, 

Firewall 610, in a step 718, matches the source address and 
source port of the incoming data packet with the entries on 
the masquerading table and relays the data packet to 
client 612. A data transmission link is thereby established 

2 0 between the external site and client 612 behind firewall 610. 

Figure 8A is a flow chart illustrating a process 800 
for establishing a data transmission link or connection 
between two internal sites behind two different firewall b in 
accordance with the present invention. By way of example, one 

25 internal site behind the firewall may be client 612 behind 
firewall 610 in system 600 shown in Fig. 6. Also by way of 
example, another internal site behind the firewall may be 
client 622 behind firewall 620 in system 600 shown in Pig. 6. 
Process 800 enables two internal sites behind different 

30 firewalls to establish a signal transmission connection or 
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link there between with the help of an intermediate site 
outside the firewall, which is also referred to as a firewall 
connection broker or simply a broker. 

Referring now to Fig. 8A, in an initialization 
5 step 802, client 612 behind gateway 610 sends an outgoing 
signal to the broker. Likewise, client 622 behind 
gateway 620 , in a step 804, sends an outgoing signal to the 
broker. In a step B05, the broker verifies whether 
gateways 610 and 620 are really firewalls and identifies the 

10 nature of the firewalls. Process 800 then proceeds to a 
step 808 of establishing data transmission links between 
client 612 and client 622. If neither gateway 610 nor 
gateway 620 is a firewall, clients 612 and 622 can send data 
packets directly to each other and establish data transmission 

15 links there between. If either gateway 610 or gateway 620, 

but not both, is a firewall, clients 612 and 622 can establish 
data transmission links there between in processes similar to 
that described herein above with reference to Fig. 7> 

Figure 8B illustrates a process 820 for establishing a 

20 data transmission link between two sites behind two different 
firewalls with at least one of the two firewalls being 
promiscuous in accordance with the present invention. 
Process 820 can serve as step 808 in process 800 Bhown in 
Fig. 8A. By way of example, process 820 is described in the 

25 context of establishing a data transmission link between 
client 612 behind firewall 610 and client 622 behind 
firewall 620, as shown in Fig. 6. Also by way of example, 
firewall 610 is a promiscuous firewall. 

In a step 821, client 612 sends an outgoing data packet 

30 through a. port on firewall 610 to the broker. The broker 
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observes the address of firewall 610 and the open port thereon 
in a step B22. In a Step 823, client 622 sends an outgoing 
data packet to the broker requesting for connection with 
client 612. The broker, in a step 824, observes the address 
5 of firewall 62 0 and the open port thereon. In a step 825, the 
broker sends a message through the open port on firewall 620 
to client 622. The message contains the network address of 
firewall 610 and the open port thereon, in a step 826, 
client 622 opens a new port on firewall 62 0 and sends an 

10 outgoing message addressed to the open port on firewall 610. 
Because firewall 610 is promiscuous, it permits an incoming 
data packet addressed to the open port thereon and relays the 
data packet to client 612. In a step 827, client 612 sends a 
response message to the new port on firewall 62 0. Because 

15 firewall. 620 recognizes the source address and source port of 
the response message as entries in its masquerading table, it 
relays the response message to client 622 in a step 828, 
thereby establishing a data transmission link between 
client 612 behind promiscuous firewall 610 and client 622 

20 behind firewall 62 0. 

Process 820 described herein above with reference to 
Pig 8B is applicable in situations where firewall 610 is 
promiscuous and regardless of whether firewall 620 iB strict, 
semi -promiscuous, or promiscuous.. Therefore, a process 

25 reverse to process 820 can be used to establish a data 
transmission link between client 612 and client 622 in 
response to firewall 610 being strict or semi -promiscuous and 
firewall 620 being promiscuous. 

Figure 6C illustrates a process 840 for establishing a 

30 data transmission link between two sites behind two different 
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firewalls with one of the two firewalls being semi -promiscuous 
and the other firewall being either semi -promiscuous or strict 
in accordance with the present invention. Process 840 can 
serve as step BOB in process 800 shown in Fig. 8A. By way of 
5 example, process 840 is described in the context of 

establishing a data transmission link between client 612 
behind firewall 610 and client 622 behind firewall 620, as 
shown in Fig. 6. Also by way of example, firewall 610 is a 
semi -promiscuous firewall. 

10 In a step 841, client 612 sends an outgoing data packet 

through a port on firewall 610 to the broker. The broker 
observes the address of firewall 610 and the open port thereon 
in a step 842. In a Step 843, client 622 sends an outgoing 
data packet to the broker requesting for connection with 

15 client 612. The broker, in a step 844, observes the address 
of firewall 620 and the open port thereon. In a step 845, the 
broker sends a message through the open port on firewall 610 
to client 612. The message instructs client 612 to send an 
outgoing data packet, which is also referred to as a priming 

20 packet, through the open port on firewall 610 to a port on 
firewall 620. In a step 846, client 612 sends the priming 
data packet addressed to a port on firewall 620, and 
firewall 610 enters the network address of firewall 620 into 
ite masquerading table. The priming data packet is blocked 

25 and discarded by firewall 620. In a step 847, client 622 
sends an outgoing data packet through a new port on 
firewall 620 addressed to the open port on firewall 610. 
Because firewall 610 is semi -promiscuous and recognizes 
firewall 620 as an entry in its masquerading table at the open 

30 port, firewall 610 relays the data packet to client 612. In a 
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Btep 848, client 612 sends a response message to the new port 
on firewall 62 0. Because firewall 620 recognizes the source 
address and source port of the response message ae entries in 
its masquerading table, it relays the response message to 
5 client 622, thereby establishing a data transmission link 
between client 612 behind semi -promiscuous firewall 610 and 
client 622 behind firewall 620. 

Process 84 0 described herein above with reference to 
Fig 8C is applicable in situations where firewall 610 is semi- 

10 promiscuous and regardless of whether firewall 620 is strict, 
semi-promiscuous, or promiscuous. Therefore, a process 
reverse to process 84 0 can be used to establish a data 
transmission link between client 612 and client 622 in 
response to firewall 610 being strict and firewall 620 being 

15 semi-promiscuouB . 

it should be noted that process 84 0 described herein 
with reference to Fig. 8C is also applicable if firewall 610 
is a promiscuous firewall. In summary, process 840 is capable 
of establishing data transmission links between two internal 

20 sites behind two different firewalls, with at least one of the 
two firewalls being non-strict, i.e., either promiscuous or 
semi -promiscuous. On the other hand, process 820 described 
herein above with reference to Fig. 8B is capable of 
establishing data transmission links between two internal 

25 sites behind two different firewalls, with at least one of the 
two firewalls being promiscuous. 

Figure 9 illustrates a process 900 for identifying the 
nature of a gateway in accordance with the present invention. 
Specifically, process 900 verifies whether a gateway, e.g., a 

30 NAT gateway, is a firewall and identifies what kind of 
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firewall the gateway ia if it is a firewall. By way of 
example, process 900 can serve as step 703 of verifying 
whether client 612 is behind a firewall in process 700 
described herein above with reference to in Fig. 7. Also by 
5 way of example, process 900 can serve as step 805 of verifying 
whether gateways 610 and 620 are really firewalls and the 
nature of the firewalls in process 800 described herein above 
with reference to Fig. 8A. However, these applications are 
not intended as limitations on the scope of the present 

10 invention. Process 900 in accordance with the present 

invention is applicable in any applications for identifying 
the nature of a gateway, a NAT device, or a firewall. 
Process 900 is implemented with the help of two external 
hosts, which are referred to as a broker A and a broker B for 

15 identification purposes during the explanation of process 900. 
Each of brokers A and B has a network address and a plurality 
of ports. 

Process 900 of identifying the nature of a gateway 
starts with a step 902, in which an internal site behind the 

20 gateway sends an outgoing data packet to a first port on 

broker A. The data packet contains information about a port 
on the internal site. The outgoing data packet opens a port 
on the gateway. If the gateway is a firewall, it generates a 
masquerading table that includes the first port on broker A 

25 and the network address of broker A as two of its entries. In 
a step 904, broke A sends a response packet addressed directly 
to the port on the internal site. In a step 905, process 900 
checks whether the internal site receives the response packet 
from broker A directly addressed to the port on the internal 

30 site. If the internal site receives the response packet, 
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process 900, in a step 906, identifies the gateway as not 
being a firewall, if the internal aite does not receive the 
response packet addressed directly to the port thereon, 
process 900, in a step 908, identifies the gateway as a 
5 firewall, 

In a step 912, broker A sends a first data packet from 
the first port thereon to the port on Che gateway. The port 
on the gateway should recognize the first port of the broker A 
as the entries in its masquerading table. In a step 915, 

10 process 900 checks whether the internal site receives the 
first data packet from the first port on broker A. If the 
internal site does not receive the first data packet, 
process 900 identifies the gateway as blocking all User 
Datagram Protocol (UDP) data transmissions in a step 908 . A 

15 site behind such a gateway is not suitable for being a node in 
a data transmission system, e.g., system 100 or 600 shown in 
Fig. 1 or 6, in accordance with the present invention. 

In response to the internal site receiving the first 
data packet from the first port on broker A, process 900, in a 

20 step 922 , sends a second data packet from a second port on 
broker A to the port on the gateway. In a step 92 5, 
process 900 checks whether the internal site receives the 
second data packet. If the internal site does not receive the 
second data packet, process 900, in a Btep 926, identifies the 

25 gateway as a strict firewall- 

In response to the internal site receiving the second 
data packet from the second port on broker A, process 900, in 
a step 932 r instructs broker A to send a message to broker B . 
The message to broker B includes the network address of the 

30 gateway and the port address on the gateway. In a step 934, 
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broker & sends a third data packet from a port on broker B to 
the port on the gateway, In a step process 900 checks 

whether the internal site receives the third data packet- If 
the internal site does not receive the second data packet, 
5 process 900, in a step 936, identifies the gateway as a semi- 
promiscuous firewall . In the internal site receives the third 
data packet, process 900, in a step 938, identifies the 
gateway as a promiscuous firewall. 

It should be understood that process 900 of identifying 

10 the nature of a gateway in accordance with the present 

invention is not limited to that described herein above with 
reference to Pig. 9. Various modifications can be made to 
process 900 described above and still achieve the result of 
identifying the nature of the gateway. For example, step 904 

15 of sending a response packet addressed directly to the port on 
the internal site, step 912 of sending the first data packet 
from the first port on broker A, step 922 of sending the 
second data packet from the second port of broker A, and 
step 934 of sending the third packet from a port on broker B 

20 are not limited to being performed in the order described 
herein above with reference to Fig. 9, These four data 
packets can be sent in any order and process 900 will Btill be 
able to identify the nature of the gateway in response to the 
internal site receiving which, if any, of the four data 

25 packets. In addition, the response packet addressed directly 
to the port on the internal site is not limited to being sent 
from broker A. The response packet addressed directly to the 
port on the internal site for identifying whether the gateway 
is a firewall can also be sent from broker B or any other 
•30 external site. Furthermore, using both broker A and broker B 
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Is required only if one seeks to identify whether the gateway 
is a promiscuous firewall. In an application for identifying 
whether the gateway is a strict firewall or a non-strict 
firewall, one broker is sufficient. 
5 By now it should be appreciated that a data 

transmission system for performing multicasting or cascading 
broadcasting has been provided* A data transmission system in 
accordance with the present invention includes a hierarchy 
tree structure ooupled to a data stream source. A root node 

10 of the tree structure receives data stream from a data stream 
source and reflects the data stream to its children, which in 
turn relay the data stream to their respective children. The 
data transmission system utilizes the up-link transmission 
capacities of the nodeB in the tree structure to broadcast the 

15 data streams, thereby significantly reducing the load on the 

data stream source and allowing the data stream source to feed 
data streams to more clients compared with prior art data 
transmission systems. 

It should also be appreciated that a process for 

20 constructing and managing such a data transmission system has 
been provided. A process for connecting clients into a 
hierarchy structured data transmission system in accordance 
with the present invention includes directing a client 
requesting for connection into the data transmission syBtem to 

2 5 a location in the system based on such criteria as data 
transmission capacity, firewall compatibility, geographic 
location, network compatibility, etc. The process forms a 
data transmission or broadcasting system that is both stable 
and efficient. The process also monitors the quality of data 

30 streams received by a client in the system and dynamically 
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adjusts the system structure to maintain a high quality of 
data transmission. 

It should be further appreciated that a process for 
transmitting data to a network site behind a firewall and 
5 between two network sites behind different firewalls has been 
provided. A process in aoaordance with the present invention 
uses an external site to relay the initial connection requests 
in establishing the data transmission links for users behind 
firewalls. The process also uses the external site to send 
10 data packets to an internal site to identify the nature of the 
firewalls. 

While various embodiments of the present invention have 
been described with reference to the drawings, these are not 
intended to limit the scope of the present invention/ which is 
15 set forth in the appending claims. Various modifications of 
the above described embodiments can be made by those skilled 
in the art after browsing the specification of the subject 
application. These modifications are within the scope and 
true spirit of the present invention. 
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CLAIMS 

11. A process for transmitting data over a network, 

2 compriaing the steps of : 

3 receiving a connection request from a requesting client; 

4 evaluating a node distribution of a hierarchy structure 

5 having a content provider as a root thereof ; 

6 connecting the requesting client to the content provider 

7 in response to the node distribution exceeding a 
3 range / 

9 directing the requesting client to a first tree having a 

10 first child of the content provider as a root node 

11 thereof in response to the node distribution within 

12 the range; 

13 transmitting data from the content provider to the 

14 requesting client in response to connecting the 

15 requesting client to the content provider; and 

16 relaying the data through the root node of the first tree 

17 to the requesting client in response to directing 

18 the requesting client to the first tree. 

1 2. The process of claim 1, wherein: 

2 the step of connecting the requesting client includes 

3 connecting the requesting client to the content 

4 provider further in response to the content 

5 provider having a capacity therefor the requesting 

6 client; and 

7 the step of directing the requesting client includes 

S directing the requesting client to the firet tree 

9 further in response to the first tree having a 

10 capacity for the requesting client. 
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1 3. The process of claim L, wherein the step of directing the 

2 requesting client to a first tree includes the steps of: 

3 evaluating a node distribution of the first tree; 

4 connecting the requesting client to the root node of the 

5 first tree in response to the node distribution 

6 exceeding a standard value; end 

7 recursively directing the requesting client to a 

8 descendent of the root node of the first tree in 

9 response to the node distribution not exceeding the 
10 standard value. 

1 4. The process of claim 3, further comprising the step of 

2 directing the requesting client to a descendent of the 

3 root node of the first tree in response to the requesting 

4 client having an up-link quality not meeting a 

5 predetermined standard. 

1 5. The process of claim 3, wherein the step of recursively 

2 directing the requesting client to a descendent of the 

3 root node of the first tree includes the steps of: 

4 selecting a descendent of the node root of the first tree 

5 as a current node; 

6 evaluating a node distribution of a subtree having the 

7 current node as a root node thereof; 

8 connecting the requesting client to the current node in 

9 response to the node distribution exceeding the 

10 standard value; and 

11 recursively directing the requesting client to a 

12 descendent of the current node in response to the 

13 node distribution not exceeding the standard value. 
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1 6. The process of claim Sj further comprising the step of 

2 redirecting the requesting client to the content provider 

3 in response to neither the current node nor a descendent 

4 thereof having a capacity for the requesting client. 

1 7, The process of claim 6 i wherein the step of redirecting 

2 the requesting client further includes the steps of: 

3 increasing a redirect count associated with the 

4 requesting client; 

5 connecting the requesting client to the content provider 

6 in response to the redirect count exceeding a first 

7 limit; and 

8 searching a spot for the requesting client in the 

9 hierarchy structure in response to the redirect 
10 count below the first limit. 

1 8. The process of claim 7, wherein the step of searching a 

2 spot for the requesting client in the hierarchy structure 

3 further includes the steps ofs. 

4 recursively visiting a node in the hierarchy structure 

5 searching the spot for the requesting client? and 

6 connecting the requesting client to the node in response 

7 to the redirect count exceeding a second limit and 

8 to the node having a capacity. 

1 9. The process of claim 3, further comprising the step of 

2 directing the requesting client toward a node selected 

3 from a plurality of nodes in the hierarchy structure in 

4 accordance with a plurality of scores reflecting a 

5 plurality of qualities of the plurality of nodes. 
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1 10- The process of claim 9, further comprising, in response 

2 to the requesting client being external, the steps of; 

3 assigning a first score to the node in response to the 

4 node behind a firewall; and 

5 assigning a second score higher than the first score to 

6 the node in response to the node being external. 

1 ii # The process of claim 9, further comprising, in response 

2 to the requesting client behind a firewall, the steps of; 

3 assigning a first score to a node in the hierarchy 

4 structure in response to the node behind the 

5 firewall; 

6 assigning a second score lower than the first score to 

7 the node in response to the node being external; 

8 assigning a third score lower than the second score to 

9 the node in response to the node behind a second 

10 firewall different from the firewall and to the 

11 node being able to communicate with the requesting 

12 client through the firewall and the second 

13 firewall; and 

14 assigning a fourth score lower than the third score to 

15 the node in response to the node behind the second 

16 firewall and to the node being unable to 

17 communicate with the requesting client through the 

18 firewall and the second firewall. 

1 12. The process of claim 9, further comprising the step of 

2 assigning a score to a node in the hierarchy structure in 

3 accordance with a time zone offset between the node and 

4 the requesting client. 
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1 13. The process of claim 9, further comprising the step of 

2 assigning a score to a node in the hierarchy structure in 

3 accordance with a match between an address of the node 

4 and an address of the requesting client. 

1 14. The process of claim 9, further comprising the steps of: 

2 assigning a first score to a node in the hierarchy 

3 structure based on a capacity of the node in 

4 response to the requesting client being external; 

5 assigning the first score to the node in response to the 

6 requesting client behind a firewall and the node 

7 behind the firewall; and 

8 assigning a second score equal to the first score 

9 multiplied by a factor less than one to the node in 

10 response to the requesting client behind a firewall 

11 and the node not behind the firewall 

1 15. The process of claim 9, further comprising the steps of: 

2 assigning a first score to a node in the hierarchy 

3 structure in response to the node having an 

4 Autonomous System Number equal to that of the 

5 requesting client; and 

6 assigning a second score lower than the first score to 

7 the node in response to the node having am 

8 Autonomous System Number different from that of the 

9 requesting client. 

1 16. The process of claim 9, further comprising the step of 

2 assigning a score to a node in the hierarchy structure in 

3 accordance with a history of the node being visited. 
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1 17. The process of claim 1, further comprising the steps of: 

2 monitoring a quality of data transmitted to a client; and 

3 relocating the client in response to the quality of data 

4 transmitted to the client below a standard. 

1 18. The process of claim 17, wherein the step of relocating 

2 the client further includes the steps of: 

3 identifying a parent of the client as a marked node; 

4 disconnecting the client from the parent; and 

5 searching a new apot for the client, the new spot not 

6 being a child of the marked node. 

1 19, The process of claim 18, wherein the step of relocating 

2 the client further includes the steps of: 

3 evaluating a capacity of a sibling of the client; 

4 connecting the client as a child of the sibling in 

5 response the sibling having the capacity for the 

6 client; and 

7 generating a reconnect ion request in response to the 

8 sibling not having the capacity for the client. 

1 20. The process of claim 19 , wherein the step of relocating 

2 the client further includes the steps of: 

3 receiving the reconnection request from the client at a 

4 client connection manager; and 

5 recursively searching the new spot for the client. 
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1 21, A storage medium having a data streaming network 

2 management program stored thereon, said data streaming 

3 network management program, when executed by a digital 

4 signal processing unit, performing a network management 

5 process comprising the steps of: 

6 receiving a connection request from a client; 

7 verifying whether there is a hierarchy structure with at 

8 least one tree having a root node thereof connected 

9 to a data stream source; 

10 in response to there be not a hierarchy structure, 

11 forming a tree with the client as a root node 

12 thereof and connecting the client to the data 

13 stream source; 

14 in response to there be a hierarchy structure, evaluating 

15 a node distribution of the hierarchy structure; and 

16 in response to the node distribution within a range, 

17 directing the client to a tree in the at least one 

18 tree in the hierarchy structure. 

1 22. The storage medium of claim 21, said network management 

2 process further comprising the step of, in response the 

3 node distribution exceeding the range, connecting the 

4 client to the data stream source. 

1 23. The storage medium of claim 21, said network management 

2 process further comprising the step of, in response the 

3 client having an up-link capability exceeding a standard, 

4 connecting the client to the data stream source. 
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1 24. The storage medium of claim 21, wherein the step of 

2 directing the client to a tree in the at least one tree 

3 in the hierarchy structure in said network management 

4 process further includes the step of recursively 

5 searching a spot for the client in the hierarchy 

6 structure. 

1 25. The storage medium of claim 24, wherein the step of 

2 directing the client to a tree in the at least one tree 

3 in the hierarchy structure in said network management 

4 process further includes the step of, in response to the 

5 tree not having a capacity for the client, directing the 

6 client to the data stream source* 

1 26, The storage medium of claim 24, wherein the step of 

2 recursively searching a spot for the client in the 

3 hierarchy structure in said network management process 

4 further includes the steps of i 

5 selecting a node in the hierarchy structure as a current 

6 node ; 

7 evaluating a structure parameter of the current node; 

8 in response to the structure parameter exceeding a value, 

9 connecting the client to the current node; and 

10 in response to the structure parameter below the value, 

11 selecting a child of the current node as a new 

12 current node. 
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1 27. The storage medium of claim 26, wherein the step of 

2 selecting a child of the current node as a new current 

3 node in said network management process further includes 

4 the steps of; 

5 evaluating a structure parameter of the new current node; 

6 in response to the structure parameter exceeding the 

7 value, connecting the client to the new current 

8 node ; and 

3 in response to the structure parameter below the value, 

10 directing the client to a subtree having a child of 

11 the new current node as a root node thereof. 

1 28. The storage medium of claim 26, wherein the step of 

2 selecting a node in the hierarchy structure as a current 

3 node in said network management process further includes 

4 the step of selecting the node in accordance with a 

5 preference factor assigned to the node. 

1 29, The storage medium of claim 28, said network management 

2 process further comprising the step of assigning the 

3 preference factor to the node calculated from a history 

4 of the node being visited by a requesting client seeking 

5 for connection to the node. 

1 30. The Btorage medium of claim 28, said network management 

2 process further comprising the step of assigning the 

3 preference factor to the node calculated from a time zone 

4 of feet between the node and the client. 
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1 31, The storage medium of claim 28, said network management 

2 process further comprising, in response to the client 

3 being external, the BtepQ of? 

4 in response to the node being external, assigning a first 

5 preference factor to the node; and 

6 ' in response to the node behind a firewall, assigning a 

7 second preference factor ©mailer than the first 

8 preference factor to the node. 

1 32. The storage medium of claim 28, said network management 

2 process further comprising, in response to the client 

3 behind a firewall, the steps of: 

4 in response to the node behind the firewall, assigning a 

5 first preference factor to the node; 

6 in response to the node being external, assigning a 

7 second preference factor smaller than the first 

8 preference factor to the node; 

9 in response to the node behind a second firewall 

10 different from the firewall and to the node being 

11 able to communicate with the requesting client 

12 through the firewall and the second firewall, 

13 assigning a third preference factor smaller than 

14 the second preference factor to the noder and 

15 in response to the node behind the second firewall and to 

16 the node being unable to communicate with the 

17 requesting client through the firewall and the 

18 second firewall, assigning a fourth preference 

19 factor smaller than the third preference factor to 

20 the node. 



-52- 



PAGE 58/81 1 RCVD AT 4/21/2005 8:36:17 PM [Eastern Daylight fine] * SVR:USPT0-EFXRF-1/1 * DNIS:8729306 * CSID; 1 815 572 8299 1 DURATION (mm-ss):27-04 



Ra: SN 10/709,391 From: John A. Smart 1 815 572 A299 



Date: 0<tf21/2005 Tlma: 5:37:16 PM 



Pafla 57 of fl 1 



WQ 03/03.9053 PCT/US02/35285 



1 33. The storage medium of claim 2B, said network management 

2 process further comprising the step of agsigning the 

3 preference factor to the node calculated from a mismatch 

4 between an address of the node and an address of the 

5 requesting client. 

1 34. The storage medium of claim 26, said network management 

2 process further comprising the steps of : 

3 in response to the client being external, assigning a 

4 first preference factor to the node calculated from 

5 a capacity of the node; 

6 in response to the client behind a firewall and the node 

7 behind the firewall, assigning the first preference 

8 factor to the node; and 

9 in response to the client behind a firewall and the node 

10 not behind the firewall, assigning a second 

11 preference factor equal to the first preference 

12 factor multiplied by a factor less than one to the 

13 node. 

1 35. The storage medium of claim 28, said network management 

2 process further comprising the step of assigning the 

3 preference factor to the node in response to the node 

4 calculated from a mismatch between an Autonomous System 

5 Number of the node and that of the client* 
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1 36. The storage medium of claim 21, said network management 

2 process further comprising, in response to a quality of 

3 data transmitted to the client below a standard, the step 

4 of relocating the client, 

1 37. The storage medium of claim 36, wherein the step of 

2 relocating the client in said network management process 

3 further includes the steps of : 

4 identifying a parent of the client as a marked node; and 

5 searching a new spot for the client, the new spot not 

6 being a child of the marked node. 

1 38, The storage medium of claim 37, wherein the step of 

2 relocating the client in Baid network management process 

3 further includes the steps of: 

4 in response a sibling of the client having a capacity for 

5 the client, connecting the client as a child of the 

6 sibling,- and 

7 9 in response to the sibling not having the capacity for 

8 the client, directing the client to the data stream 

9 source. 

1 39. The storage medium of claim 38, wherein the step of 

2 relocating the client in said network management process 

3 further includes the step of recursively searching the 

4 new spot for the client in the hierarchy structure. 

1 40. The process of claim 36, said network management process 

2 further comprising the step monitoring a jitter of a data 

3 stream transmitted to the client. 
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1 41* A network data transmission system (100), comprising: 

2 a content provider (101) ; 

3 a plurality of clients seeking data from Baid content 

4 provider (101) ; and 

5 a client connection manager (105) , said client connection 

6 manager (105) arranging said plurality of clients 

7 in a hierarchy tree structure (102) having a first 

8 client (112) of said plurality of clients coupled 

9 to said content provider (101) as a node in a first 

10 tier of the hierarchy tree structure (102) and at 

11 least a portion of remaining clients of said 

12 plurality of clients as a descendent of the first 

13 client (112) . 

1 42. The network data transmission system (100) of claim 41 , 

2 the first client (112) receiving data from said content 

3 provider (101) and relaying the data to the descendent 

4 thereof. 

1 43. The network data transmission system (100) of claim 42, 

2 said plurality of clients further including a second 

3 client (122) , the second client (122) being a child of 

4 the first client (112) in the hierarchy tree structure 

3 (102) and receiving the data from the first client (112) . 
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1 44. The network data transmission system (100) of claim 43 , 

2 said plurality of clients further including a third 

3 client (132), the third client (132) being a child of the 

4 second client (122) in the hierarchy tree structure (102) 

5 and receiving the data from the second client (122) . 

1 45. The network data transmission system (100) of claim 43, 

2 said plurality of clients further including a third 

3 client (124), the third client (124) being a child of the 

4 first client (112) and a sibling of the second client 

5 (122) in the hierarchy tree structure (102) and receiving 

6 the data from the first client (112) . 

1 46. The network data transmission system (100) of claim 41, 

2 said plurality of clients further including a second 

3 client (116) coupled to said content provider (101) as a 

4 node in a first tier of a second hierarchy tree structure 

5 (106) , the second client (116) receiving data from said 

6 content provider (101) . 

1 47. The network data transmission system (100) of claim 46, 

2 said plurality of clients further including a third 

3 client (126) , the third client (126) being a child of the 

4 second client (116) in the second hierarchy tree 

5 structure (106) and receiving the data from the second 

6 client (116) . 
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1 48. The network data transmission system (100) of claim 47, 

2 said plurality of clients further including a fourth 

3 client (136) , the fourth client (136) being a child of 

4 the third client (126) in the second hierarchy tree 

5 structure (106) and receiving the data from the third 

6 client (126) . 

1 49. The network data transmission system (100) of claim 47, 

2 said plurality of clients further including a fourth 

3 client (128) , the fourth client (128) being a child of 

4 the second client (116) and a sibling of the third client 

5 (126) in the eecond hierarchy tree structure (106) and 

6 receiving the data from the second client (116). 

1 50. The network data transmission system (100) of claim 41 i 

2 said client connection manager (105) arranging said 

3 plurality of clients into the hierarchy tree 

4 structure (102) in response to data transmission 

5 capacities of said content provider (101) and said 

6 plurality of clients; and 

7 said client connection manager (105) dynamically 

8 adjusting the hierarchy tree structure (102) in 

9 response to a data transmission quality in the 
10 hierarchy tree structure (102) . 
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1 51. A method for communicating between a first site behind a 

2 first firewall and a second site behind a second 

3 firewall, comprising: 

4 informing the second site about a port on the first 

5 firewall; 

€ transmitting a first data packet addressed to the port on 
7 the first firewall from the second site through a 

'8 port on the second firewall; 

9 relaying the first data packet to the first site in 

10 response to the first firewall being promiscuous; 

11 transmitting a second data packet addressed to the port 

12 on the second firewall from the first site through 

13 the port on the first firewall; and 

14 relaying the second data packet to the second site. 

1 52. The method of claim 51, wherein informing the second site 

2 about a port on the first firewall further includes: 

3 establishing a first link between the first site and an 

4 external site through the port on the first 
B firewall ; 

6 establishing a second link between the second site and 

7 the external site through the second firewall; and 

8 transmitting a message from the external source to the 

9 second site identifying the port on the first 
10 firewall. 
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1 53. The method of claim 52, wherein establishing a first link 

2 between the first site and an external site through the 

3 port on the first firewall and establishing a second link 

4 between the second site and the external site through the 

5 second firewall further include: 

6 transmitting a first initializing data packet from the 

7 first site to the external site through the port on 

8 the first firewall; and 

9 transmitting a second initializing data packet from the 

10 second site to the external site through the second 

11 firewall. 

1 54. The method of claim 51, further comprising identifying 

2 the first firewall as promiscuous. 

1 55. The method of claim 54, wherein identifying the first 

2 firewall includes: 

3 transmitting an outgoing data packet from the first site 
4 ■ to the external site through the port on the first 

5 firewall; 

6 informing a second external aite about the port on the 

7 first firewall, the second external site having a 

8 different network address from the first external 

9 site; 

10 transmitting an incoming data packet addressed to the 

11 port on the first firewall from the second external 

12 site; and 

13 identifying the first firewall as being promiscuous in 

14 response to the first site receiving the incoming 

15 data packet . 
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1 56. A method for communicating between a first site behind a 

2 first firewall and a second site behind a second 

3 firewall, comprising: 

4 informing the first site about the second firewall/ 

5 informing the second site about a port on the first 

6 firewall; 

7 transmitting a first data packet addressed to the second 

8 firewall through the port on the first firewall; 

9 transmitting a second data packet addressed to the port 

10 on the first firewall from the second site through 

11 a port on the second firewall; 

12 relaying the second data packet to the first site in 

13 response to the first firewall being non-strict; 

14 transmitting a third data packet addressed to the port on 

15 the second firewall from the first site through the 

16 port on the first firewall; and 

17 relaying the third data packet to the second site. 

1 57. The method of claim 56, wherein informing the first site 

2 - about the second firewall and informing the second site 

3 about a port on the first firewall further include: 

4 establishing a first link between the first site and an 

5 external site through the port on the first 

6 firewall and a second link between the second site 

7 and the external site through the second firewall; 

8 transmitting a first message from the external source to 

9 the first site identifying the second firewall; and 

10 transmitting a seaond message from the external source to 

11 the second site identifying the port on the first 

12 firewall. 
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1 5B. The method of claim 57, wherein establishing a first link 

2 between the first site and an external site through the 

3 port on the first firewall and a second link between the 

4 second site and the external site through the second 

5 firewall further includes: 

6 transmitting a first initializing data packet from the 

7 first site to the external site through the port on 

8 the firBt firewall; and 

9 transmitting a second initializing data packet from the 

10 second site to the external site through the second 

11 firewall. 

1 59. The method of claim 56, further comprising identifying 

2 the first firewall as non-strict. 

1 60. The method of claim 59, wherein identifying the first 

2 firewall includes: 

3 transmitting an outgoing data packet from the first site 

4 to a first port of the external site through the 

5 port on the first firewall; 

6 transmitting an incoming data packet addressed to the 

7 port on the first firewall from a second port on 

8 the external source, the second port being 

9 different from the first port; and 

10 identifying the first firewall as being non-strict in 

11 response to the first site receiving the incoming 

12 data packet. 
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